How does email phishing even work?
by nnopain - June 24, 2020 at 03:03 PM
#1
So i keep reading that the best plausible way other than a dictionary attack to get a target's password is to just simply send them a phishing link and i've heard many people actually fall for this but my question is how? Email spoofer websites from what ive seen log your IP and keeps a record of it so if you ever caught they could use that against you. Not to mention whenever a person recieves an email from these spoofed emails its automatically flagged as spam. How do attackers do it?

btw i checked to see if there was a hacking section and i couldn't find it but if im wrong my bad.
#2
Another type of popular phishing scam is the Nigerian Prince, or 419 scam. These are phishing emails in which you’re asked to help bring large sums of money into the country, cash phony money orders or wire money to the thief. The trick is that the scammer first asks you for a small fee because the larger sum of money is “tied up” whether it be in wire transfer fees, processing fees or some other tall tale.
#3
just realized someone else had a similar thread lol

(June 24, 2020 at 03:05 PM)Fetisha Wrote: Another type of popular phishing scam is the Nigerian Prince, or 419 scam.  These are phishing emails in which you’re asked to help bring large sums of money into the country, cash phony money orders or wire money to the thief. The trick is that the scammer first asks you for a small fee because the larger sum of money is “tied up” whether it be in wire transfer fees, processing fees or some other tall tale.
yea ive heard about that. those types of scams are too well known. I mean like the ones where you send someone a reset password link and there has been 'suspicious' activity that needs to be correcting.
#4
(June 24, 2020 at 03:03 PM)nnopain Wrote: So i keep reading that the best plausible way other than a dictionary attack to get a target's password is to just simply send them a phishing link and i've heard many people actually fall for this but my question is how? Email spoofer websites from what ive seen log your IP and keeps a record of it so if you ever caught they could use that against you. Not to mention whenever a person recieves an email from these spoofed emails its automatically flagged as spam. How do attackers do it?

btw i checked to see if there was a hacking section and i couldn't find it but if im wrong my bad.

You surely  can steal session or cookie with just url  phishing attack.

How to do? You need go more deeper than make a question on raid
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Scammer | [email protected] 2804:14c:5b91:98af:38a8:d829:a9cc:6ebe 2804:14c:5b91:98af::1000 - https://rf.ws/pid/2982934
#5
Emails have trust scores, if you have a low trust score then the email will go to spam. I assume the reason why email spoofing goes to spam is because the email server the email is being sent from (it has to come from somewhere) has a low score.

You can solve this though, by registering your own domains and hosting your own email server, if you know how, I think this is how spammers do it, but you have to remember that spamming is a NUMBERS game, so you will likely not strike gold by hitting 1 target even if you have a believable phishing site setup.

Also, assuming you're using an ip + proxy, ip logging should not really be an issue.
#6
(June 24, 2020 at 09:31 PM)Barrown Wrote: Emails have trust scores, if you have a low trust score then the email will go to spam. I assume the reason why email spoofing goes to spam is because the email server the email is being sent from (it has to come from somewhere) has a low score.

You can solve this though, by registering your own domains and hosting your own email server, if you know how, I think this is how spammers do it, but you have to remember that spamming is a NUMBERS game, so you will likely not strike gold by hitting 1 target even if you have a believable phishing site setup.

Also, assuming you're using an ip + proxy, ip logging should not really be an issue.

Didn't know that thanks for the response.

(June 24, 2020 at 03:09 PM)WhiteCollar Wrote:
(June 24, 2020 at 03:03 PM)nnopain Wrote: So i keep reading that the best plausible way other than a dictionary attack to get a target's password is to just simply send them a phishing link and i've heard many people actually fall for this but my question is how? Email spoofer websites from what ive seen log your IP and keeps a record of it so if you ever caught they could use that against you. Not to mention whenever a person recieves an email from these spoofed emails its automatically flagged as spam. How do attackers do it?

btw i checked to see if there was a hacking section and i couldn't find it but if im wrong my bad.

You surely  can steal session or cookie with just url  phishing attack.

How to do? You need go more deeper than make a question on raid
oh okay, don't you need like network sniffer something like wireshark?
#7
I don't know I am so bad at this stuff

Possibly Related Threads…
Thread Author Replies Views Last Post
How IBM's metadata research made US drones even deadlier Santa Claus 0 127 June 07, 2021 at 07:27 PM
Last Post: Santa Claus
Question : How does it feel to be a Godlike Entity? CBT 6 384 May 26, 2021 at 04:17 AM
Last Post: PandaNapkin73
What does your privacy setup look like ManyDesires 20 1,125 April 22, 2021 at 10:36 PM
Last Post: Squ1d

 Users browsing this thread: 1 Guest(s)